Tag Archives: juniper

SSH Juniper EX series issue

So I recently experienced a switch which lost power and was not gracefully shut down.

After the switch came back up SSH stopped working. I had to console on to the switch to gain access.

Deleting SSH and re-adding it did not resolve any of the issues.

The following article HERE saved me when I discovered the following in the logs (below); researching this led me to the article (4th line support Google)….

sshd 9299 – – fatal: Missing privilege separation directory: /var/empty

The following commands resolved the issue. Please note you will need to be logged in as root.

start shell
ls /var/empty
mkdir /var/empty
chown root:wheel /var/empty
chmod 555 /var/empty
ps aux | grep sshd

If sshd is already running, run ‘kill -HUP <PID of SSHD>’ (without the quotes), where ‘PID’ is the process ID of sshd.

From the shell you can also run the following command to see the sshd process and its PID.

top 

If sshd is not running, run the following command from the shell to start it.

/usr/sbin/sshd
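
The existence, ownership and mode checks from the steps above, written as a reusable shell function. This is an added example, not part of the original post or the linked article; the helper name `check_privsep_dir` and its return codes are constructed for illustration, and it assumes a POSIX `sh` with `ls` and `cut` available.

```sh
#!/bin/sh
# Added example (not from the original post): audit the sshd
# privilege-separation directory before restarting sshd.
# check_privsep_dir is a hypothetical helper; its return codes are
# constructed for this example:
#   0 ok, 1 missing, 2 not a real directory, 3 wrong owner/group, 4 wrong mode
check_privsep_dir() {
    dir=$1
    want_owner=${2:-root}      # defaults match the chown in the post
    want_group=${3:-wheel}
    want_mode='dr-xr-xr-x'     # how ls -ld displays mode 555 on a directory

    if [ ! -e "$dir" ] && [ ! -L "$dir" ]; then
        echo "MISSING: $dir"
        return 1
    fi
    # A symlink or regular file in place of the directory is also wrong.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "NOT A DIRECTORY: $dir"
        return 2
    fi
    # ls -ld fields: mode, link count, owner, group, ...
    read -r mode _links owner group _rest <<EOF
$(ls -ld "$dir")
EOF
    mode=$(printf '%s' "$mode" | cut -c1-10)   # drop ACL/xattr marker (+ . @)

    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "BAD OWNER: $dir is $owner:$group, expected $want_owner:$want_group"
        return 3
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "BAD MODE: $dir is $mode, expected $want_mode (chmod 555)"
        return 4
    fi
    echo "OK: $dir is $owner:$group $mode"
    return 0
}

# Run the check when a path is given on the command line, e.g. /var/empty.
if [ "$#" -gt 0 ]; then
    check_privsep_dir "$@"
fi
```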


SRX IPsec VPN poor throughput

I recently came up against an issue of slow throughput on an IPsec VPN between two SRX220s. The SRX220 is capable of around 100Mbps according to the spec sheet, with an IPsec VPN.

The issue I was seeing was around 25Mbps over the VPN. The connection between the two SRXs is just a L2VPN interconnect, so I wouldn’t have thought this to be the issue. If it had been a 3rd-party Ethernet or ADSL link, that would have led me more down the path of checking connectivity.

Further investigation led me to find out from the customer that on the end of the SRXs are 2x SANs with MTU 9000. This led me to find out that the VPN on the SRX is capable of MTU 1350. So the packets are being fragmented, causing the lower throughput of the VPN.

With the following article (LINK), setting the following two commands on both SRXs resolved the issue. It did take a while to take effect, so I would suggest applying them and checking the next day to see any improvement.

set security flow tcp-session no-sequence-check
set security flow tcp-mss ipsec-vpn mss 1350


Juniper SRX210 JUNOS Update

This is my first time doing this and I have not yet had the chance to issue the firmware update, so I will update this again to add anything extra if needed.

Juniper do make it much easier to update their firmware than Cisco.

This presumes the SRX210 is already set up and can be accessed remotely. (I will add an out-of-the-box firmware update later on.)

##WinSCP is a great tool for connecting via SSH to Linux and other devices such as the SRX210.

WinSCP to SRX 210

Log in to SRX 210 as ROOT

##Copy the latest recommended firmware for the SRX to the following folder…

cf/var/tmp

##Check firmware has been added by running the following command…

file list /var/tmp/

##Once completed and ready to install run the following command

request system software add /var/tmp/junos-srxsme-11.4R5.5-domestic.tgz

##Once the message appears requesting to restart issue the following command

request system reboot